MIST 2090 Part A Final Review

What is a database management system (DBMS)?

The software application that lets you create and work with a database

decentralization

the people making the guesses should be able to draw on their private, local knowledge

What are the major components of a relational database model?

-Data is stored data in one or more tables corresponding to entities -entities are connected through relationships -fields are often referred to as attributed and correspond to columns of the tables -entities consist of one or more attributes

What are the problems arising from the non-hierarchical/messy crowd?

-It can be hard to find what you're looking for in an ocean of uncontrolled information -some of its members behave in hurtful ways

What are the shortfalls of the conventional technical approach?

-Skilled hackers prefer social engineering attacks (its easier to fool a human than a machine) -biometric authentication and MFA prevent attacks from outsiders but not from insiders (which include negligence and malice)

What are the "best practices" for employees in regards to security?

-rotation of duties -mandatory vacations -dual control (two or more people perform the same action) -strict procedure for employee termination

What are the "best practices" for data management in regards to security?

-unlink sensitive data from other data to minimize the damage if it is stolen -systems with sensitive data should be "walled off" from other systems -anonymize sensitive data -encrypt data both in transit and in storage so that is unreadable if it falls into the wrong hands

What are the different types of database relationships?

1:1 - When an instance of one entity can have a relationship with one and only one instance of the other entity 1:m - when an instance of the first entity can have a relationship with one or more instances of the second entity, but instances of the second entity can be related to only one instance of the first m:m - when instances of each entity can be related to one or more instances of the other entity

What is a Database?

A database is an organized collection of data

What are the types of security controls?

Administrative controls, technical controls, and physical controls

Why are software updates important to security?

Allows for routine patching of newly discover vulnerabilities

What is a primary key?

An attribute that can have a unique value for every instance (record) that you store in a table (social security number, student id number, etc.)

What are cryptocurrencies?

An internet-based medium of exchange which uses cryptographically functions to conduct financial transactions

What is the AIC triad?

Availability, integrity, confidentiality; the heart of information security and often forms the basis of security policies, rules of corporate governance, etc.

What are blockchains?

Blockchains prevent cryptocurrencies from operating like "free, perfect, instant" digital goods. The blockchain contains a ledger that records all the transactions, which prevents you from spending the same bitcoin more than once.

How to model a database, generally (use of Crow's foot notation)?

Crows Foot notation is used to signify which end of the relationship is the "many" end; it is used to distinguish between the different relationships (1:1, 1:m, m:m)

Integrity

Data integrity means maintaining and assuring the accuracy and reliability of the information and systems over its lifecycle

Database vs. Spreadsheet

Database Is more powerful and flexible: • Stores more data • Enables looking at data in different ways (queries, forms, reports) • Enables greater data handling (filtering, sorting formatting) database is more complex, structures, requires more detailed knowledge.

THe crowd: OX weight example

In a fair, there was contest to guess the weight of an ox and a statisciam compiled all the answers of the guessers and it came to 1,197 when the actual weight is 1,198 so the crowd was able to produce a near perfect answer. This example shows how the crowd is a vital part of the success of a business because they can give the business the right advice or critiques to make it more successful

What are the four criteria to make crowd-based estimation effective?

Independence, diversity, decentralization, aggregation

What is mentoring and anomaly detection?

Intrusion detection (flagged account after numerous failed login attempts) intrusion prevention (blocked access to critical system from international IP addresses)

What are the conventional approaches to security?

MFA, monitoring, software updates

What is the role of good management in companies of the future?

Managers provide "social skills" of coordination, negotiation, persuasion, and social perceptiveness; how to lead today: egalitarianism and transparency of information

Availability

Refers to the ability for authorized parties to access data and systems when necessary

What is the relationship between transaction cost economics and self-organizing?

TCE suggests that the hierarchical model might be more expensive than the market model given the way that technology decreases transaction costs. Self-organizing models suggest that the hierarchical model might be too expensive given that there are ways to organize production/labor that require very little capital. Both systems state why the hierarchical model isn't the best fit just in different terms and relation to other things

What is a foreign key?

The foreign key in one table is always the primary key in another table

What is continuity planning?

The tactical plan for quickly resuming firm's business operations after a catastrophe and relies on backup sites

When and why outsiders can be more effective than experts

When things become extremely complex, look to the outsiders. Many problems, opportunities, and projects benefit from different perspectives, people, and teams; the crowd is valuable, in large part, because its massively marginal: it contains huge numbers of people who are some combination of smart, well-trained, experienced, tenacious, and motivated

What is the relationship between security controls and security frameworks?

a security framework is the overall security "plan" of an organization and is made up of various security controls that are designed to provide a balance of functions.

Technical controls

authentication, encryption, firewalls, biometrics, etc.

The core

dominant organizations, institutions, groups, and processes of the pre-internet era

What are different ways to organize the crowd?

formal hierarchies, markets, self-organizing structures (wikipedia), openness, noncredentialisim (degrees don't matter), verifiable and reversible contributions, clear outcomes, leadership

diversity

it is important to have a diverse set of guesses

Physical controls

locks, monitoring, mantraps, environmental controls

the crowd

new participants and practices enabled by the net and its attendant technologies

Administrative Controls

policies, standards, procedures, guidelines, personnel screening, training

What is multi-factor authentication?(MFA)

something you know (password) something you have (atm card) something you are (fingerprint)

Confidentiality

the property that information is not disclosed or otherwise made available to unauthorized individuals, entities, or processes; not the same as privacy, a component of privacy that is specific to unauthorized viewers

independence

the various guesses must be independent of one another; each person must guess without knowledge of what other people have guessed

aggregation

there must be some way of aggregating the guesses into a single collective guess